CVE-2021-20241

Published: Mar 9, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Affected (3)

Products: Imagemagick: Imagemagick · Debian: Debian Linux

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Before 6.9.11-62
Imagemagick Imagemagick	From 7.0.10 to 7.0.10-62

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

The product divides a value by zero.

References (8)

https://bugzilla.redhat.com/show_bug.cgi?id=1928952

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://github.com/ImageMagick/ImageMagick/pull/3177

Source: secalert@redhat.com

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1928952

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/ImageMagick/ImageMagick/pull/3177

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.